By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Kieran Healy, on Twitter, regarding my piece Friday on the Washington Post’s atrociously one-sided and shortsighted report on Apple and Google’s joint exposure notification project:
I think half the academics and health people quoted in this story @gruber rightly drubs are so annoyed at being denied some extremely nice data that they forget the thing they want would be immediately repurposed by bad actors and put to ends they’d abhor.
It’s an unpleasant truth that personalized, fine-grained tracking data at scale is attractive to scientists for much the same reasons that it’s attractive to government snoops. The fact that the ends differ isn’t a sufficient differentiator.
This is exactly where many health officials around the world have gone awry. Their intentions are admirable: they want maximal data so they can do maximal analysis. But the sources for the Post’s story seemingly have no awareness whatsoever of the privacy ramifications of the data they claim to want Apple and Google to collect — and in some cases report automatically to the government.
Nor have they seemingly paused to consider the fact that Apple and Google have extensive experience in this regard.
Healy quotes the following from a piece he wrote back in 2006, on the NSA’s massive database of domestic phone calls:
Scientists and spies are not so different. The intelligence community’s drive to find the truth, to uncover the real structure of things, is similar to what motivates natural or social scientists. For that reason, I can easily understand why the people at the NSA would have been drawn to build a database like the one they have assembled. The little megalomaniac that lives inside any data-collecting scientist (“More detail! More variables! More coverage!”) thrills at the thought of what you could do with a database like that. Think of the possibilities! What’s frightening is that the NSA is much less constrained than the rest of us by money, or resources, or — it seems — the law. To them, Borges’ map must seem less like a daydream and more like a design challenge. In Kossinets and Watts’ study, the population of just one university generated more than 14 million emails. That gives you a sense of how enormous the NSA’s database of call records must be. In the social sciences, Institutional Review Boards set rules about what you can do to people when you’re researching them. Social scientists often grumble about IRBs and their stupid regulations, but they exist for a good reason. To be blunt, scientists are happy to do just about anything in the pursuit of better knowledge, unless there are rules that say otherwise. The same is true of the government, and the people it employs to spy on our behalf. They only want to find things out, too. But just as in science, that’s not the only value that matters.
In short, the privacy implications of using phones for contact tracing are very complicated. The limited scope of Apple and Google’s joint project is the best effort to date to balance those trade-offs.
★ Monday, 18 May 2020